9.3
CVE-2019-25362 - WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a staβ¦
8.6
CVE-2019-25361 - Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150.
8.4
CVE-2019-25360 - Aida64 6.10.5200 - Buffer Overflow
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH (Struβ¦
8.8
CVE-2019-25359 - SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enabling β¦
8.7
CVE-2019-25358 - FileOptimizer 14.00.2524 - Denial of Service
FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when openβ¦
8.4
CVE-2019-25357 - Control Center PRO 6.2.9 - Local Stack Based BufferOverflow
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute aβ¦
5.1
CVE-2019-25356 - Bematech Printer MP-4200 TH Cross-Site Scripting
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScriptβ¦
8.7
CVE-2019-25355 - Genivia gSOAP 2.8 - 'gSOAP' Path Traversal
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequencβ¦
4.6
CVE-2019-25354 - iSmartViewPro 1.3.34 - Denial of Service
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices.
4.6
CVE-2019-25353 - Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.